v1.6-v1.7 PLEASE BE WARNED: My live site got warning using nulled Mypresta modules!

[tuuni]

[IMG='width:492px;']https://www.onlygfx.com/wp-content/uploads/2019/04/8-grunge-word-warning-cover.png[/IMG]

Hi all.

I want you to let you also know that live site got warning from the author from different mypresta.eu modules. He is saying to buy the product or take the module down or he will send you DMCA takedown act. He must be a real capitalist who is full of greed!

I suggest he has some script what crawls some certain module files locations and file names like some module js files, configuration xml files and inside top comment copyright area of client-side html files. I suggest to rename those files and remove comments if you use it on live site, then you hopefully not get monitored.

Peace out.

---

Please like the post if you find it helpful.

Post automatically merged: Sep 26, 2020

 

[leoseo]

Can you share with us the name of the plugin with the problem?

 

[tuuni]

All the mypresta modules which are frontend based. backend modules seems to be ok, like import/export modules.

 

[prokill]

Have you checked that in the scripts, there are not php code that connect to mypresta website? (such as checking latest version or so).

 

[hoodiegamers]

I think there is a code which checks the license or something like that.

 

[Jan Doe]

Thanks for the warning, even though I only use 1 free module from MyPresta

 

[prokill]

yep checked a module for example, here is the code i have found. Scripts need to be nulled! by checking the current version, it will send stats with your shop URL. please just remove those codes!

      if (ini_get("allow_url_fopen")) {
            if (function_exists("file_get_contents")) {
                $actual_version = @file_get_contents('http://dev.mypresta.eu/update/get.php?module=' . $module . "&version=" . self::encrypt($version) . "&lic=$key&u=" . self::encrypt(_PS_BASE_URL_ . __PS_BASE_URI__));
            }
        }

 

[pk2res]

thank you for sharing the modules

 

[prokill]

It might also be something to do with Prestatrust protection then but the code up there I have found is enough for the developer to find out if you have paid for the license.

 

[vanhostingweb.com]

yep checked a module for example, here is the code i have found. Scripts need to be nulled! by checking the current version, it will send stats with your shop URL. please just remove those codes!

      if (ini_get("allow_url_fopen")) {
            if (function_exists("file_get_contents")) {
                $actual_version = @file_get_contents('http://dev.mypresta.eu/update/get.php?module=' . $module . "&version=" . self::encrypt($version) . "&lic=$key&u=" . self::encrypt(_PS_BASE_URL_ . __PS_BASE_URI__));
            }
        }

And what is the solution if we have that part of the code? do we remove the link to de.mypresta.. or all that sentence "if" ?

 

[broxit]

Better to check if there any link or lisence checker that running when website is live.

 

[Edongo]

How I can install it I have error

 

[lebuzz]

thanx for the warning

 

[michi]

Thanks for the warning, I'll be attentive

 

[il-malti]

Thank you for the warning. Creepy stuff

 

[mickneo]

yep checked a module for example, here is the code i have found. Scripts need to be nulled! by checking the current version, it will send stats with your shop URL. please just remove those codes!

      if (ini_get("allow_url_fopen")) {
            if (function_exists("file_get_contents")) {
                $actual_version = @file_get_contents('http://dev.mypresta.eu/update/get.php?module=' . $module . "&version=" . self::encrypt($version) . "&lic=$key&u=" . self::encrypt(_PS_BASE_URL_ . __PS_BASE_URI__));
            }
        }

I confirm, this function checks the current version of the module and look for updates. The developer therefore receives all the information about your website.
Thanks for the warning!

 

[tonyviroos]

Thanks for the warning

 

[billoceceo]

Better to check if there any link or lisence checker that running when website is live.

You could indicate what method you use to perform these checks.
Thanks in advance

 

[axelien56]

yep checked a module for example, here is the code i have found. Scripts need to be nulled! by checking the current version, it will send stats with your shop URL. please just remove those codes!

      if (ini_get("allow_url_fopen")) {
            if (function_exists("file_get_contents")) {
                $actual_version = @file_get_contents('http://dev.mypresta.eu/update/get.php?module=' . $module . "&version=" . self::encrypt($version) . "&lic=$key&u=" . self::encrypt(_PS_BASE_URL_ . __PS_BASE_URI__));
            }
        }

or just disable allow_url_fopen from your server configuration

 

[Whiterabbit]

Thanks for the warning.